Most people think HIPAA applies only to medical practices and hospitals. That is partly true, but it is not the whole picture. In reality, the security and confidentiality rules apply to anybody performing services for a client in the medical field.
A phone system is usually not top of mind when it comes to security and compliance, but, believe it or not, it should be. HIPAA does not require communications with the phone company to be “secure”, which is why faxing is heavily used in the medical profession. However, all inter-office communications must be secure. A modern phone system based on Voice over IP technologies is a data system, and it must be secured just like an electronic medical records system. The easiest problem to discern in a phone system is voicemail, which can include private health information.
For compliance, an inter-office call must be encrypted. When it comes to voicemail-to-email (a staple of modern systems), the transmission from the phone system to the email system must be done in an encrypted, private way. Overall, any communication coming from a medical practice must be secure regardless of transmission method.
Although HIPAA applies to the medical profession, its standards can be useful to many businesses that have security needs, including law offices and any other businesses that handle private customer information.